The Secret of the Vote

a detective story for lawyers

Robert Riemann with supervision of Stéphane Grumbach

Flickr/MIKI Yoshihito

The Voting Protocol shall provide legitimacy for the voting outcome.
  • secrecy of the ballot:
    no coercion or ballot selling
  • correctness:
    final tally is sum of individual votes
  • verifiability:
    proof of the correctness
  • voter convenience:
    significant voter turnout
  • and many more...

Important Properties:

PhD Thesis

Decentralised Political Election Systems Based On Social Networks
  • vote counting without trusted authority
  • every voter participates in counting
  • hierarchy: groups with intermediate tallies

Alice

Bob

Secrecy of the Ballot

Alice

Bob

Vote:

Vote:

exchange

No

?

192.158.2.1

121.201.76.12

What means secret?

What is knowledge?

information theory

Information after Shannon:

H(X) = -\sum_{x \in \mathbb{X}} p(x) \log p(x)
H(X)=xXp(x)logp(x)H(X) = -\sum_{x \in \mathbb{X}} p(x) \log p(x)

Example:

  • Alice and Bob voted: tally contains Dagobert and Phantomias
  • redundancy: if Alice’s vote is known, those of Bob as well
  • H is maximal if probability
    p(Alice voted for Phantomias) = 50%

Secrecy

All configurations are equally probable.

Example:

Alice voted with 50% probability for Phantomias and with 50% for Dagobert.

secrecy of
the ballot

The ballot for Dagobert has been filled with 50% probability by Alice or Bob.

secrecy of
the voter

=

Secrecy

If Alice voted for Phantomias with 70% probability, is this still secret?

If Alice and Bob voted both for Phantomias, there is no secret!

If Alice gives Bob a procuration, there is no secret!

Correctness

Ballots are counted by humans.

How do we deal with the uncertainty in the case of a very close voting outcome?

Example:

French municipal (Lescar, 2014) produced a tie with 2,670 votes

https://en.wikipedia.org/wiki/List_of_close_election_results

Image: Fickr/UNDP

Secrecy of Voting Today

  • DNA fingerprint (invisible ink) on paper
  • video surveillance (with smartphones)
  • Big Data analysis based on Social networks
  • (unconscious manipulation ahead of voting)

Technological progress weakens paper-based voting protocols.

Expectations on Specification

Legislation

  • precise definition of secrecy
  • description of required tolerance

Voting Legislation
in France

 Le dispositif garantit que l’identité de l’électeur ne peut pas être mise en relation avec l’expression de son vote, à tout moment du processus de vote, y compris après le dépouillement.

à 100% ?

Voting Legislation
in France

Aucun décompte partiel n'a pu être effectué durant le scrutin.

sondage à la sortie des urnes?

Le bureau du vote
électronique vérifie que les listes d'émargement sont vierges et que l'urne électronique est vide.

avec les yeux ?

Voting Legislation
in France

[Le vote] fait l'objet d'un chiffrement dès son émission sur le terminal utilisé par l'électeur.

Qui peut déchiffrer ?

Affirmation du loi :

Les membres du bureau du vote électronique sont honettes.

Pourquoi ? Encore dans 20 ans ?

Made with Slides.com